In the Claims: 



Please amend claims 1, 12, 33, 36, 41, 48 and 52 as indicated below. 

1. (Currently amended) A method for automated discovery of data comprising: 
defining at least one computer-implemented source resource containing a set of 

information objects, wherein the set of information objects defines a set of user s, wherein 
said defining at least one computer-implemented source resource produces a source 
resource definition for each at least one source resource : 

a computer program process using the source resource definition for each at least 
one source resource to discovering said set of users from said source resource; 

defining an additional resource containing a second set of information objects, 
wherein each information object from said second set of information objects corresponds 
to a user from said set of user s, wherein said defining an additional resource produces a 
additional resource definition : 

the computer program process using the additional resource definition to 
discovering said second set of information objects from said additional resource bas e d on 
s aid additional r e sourc e d e finition ; and 

the computer program process associating each information object from said 
second set of information objects with the corresponding user from said set of users and 
with said additional resource. 

2. (Original) The method of claim 1, further comprising: 
defining a correlation rule; and 

associating each information object from said second set of information objects 
with the corresponding user form said set of users based on said correlation rule. 

3. (Original) The method of claim 1, further comprising: 
defining a correlation rule; 

discovering said set of users from multiple source resources; and 

rejecting duphcate users from said set of users based on said correlation rule. 
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4. (Original) The method of claim 1, further comprising: 

creating a virtual identity for each user from said set of users, wherein each virtual 
identity includes an information object list associating at least one of said information 
objects from said second set of information objects with the corresponding user and with 
the said second resource. 

5. (Original) The method of claim 4, wherein said information object Ust 
comprises; 

an information object name; and 

a resource name, wherein the resource name corresponds to the resource from 
which the information object corresponding to the information object name was 
discovered. 

6. (Original) The method of claim 1, fiirther comprising: 
providing connection information for said source resource; and 
providing connection information for said additional resource. 

7. (Original) The method of claim 6, wherein the connection information for 
said source resource includes a hostname, a port, a usemame and a password and wherein 
the connection information for said additional resource includes a hostname, a port, a 
usemame and a password. 

8. (Original) The method of claim 1, fiirther comprising defining a schema map, 
wherein the schema map maps an attribute from said source resource to a virtual 
attribute. 

9. (Original) The method of claim 1, fiirther comprising a schema map, wherein 
said schema map maps an attribute from said additional resource to a virtual attribute. 

10. (Original) The method of claim 9, fiuther comprising: 
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creating a virtual identity for each user from said set of users, wherein each virtual 
identity includes an information object list associating at least one of said information 
objects from said second set of information objects with the corresponding user. 

11. (Original) The method of claim 4, wherein said information object list 
comprises: 

an information object name; and 

a resource name, wherein the resource name corresponds to the resource from 
which the information object corresponding to the information object name was 
discovered. 

12. (Currently amended) A method of discovering users and accounts comprising: 
defining at least one computer-implemented source resource containing a first set 

of user accoimts from which a set of users are discoverabl e, wherein said defining 
produces a definition for each at least one source resource : 

a computer program process using the definition for each at least one source 
resource to discovermg said set of users based on said set of user accounts; and 

the computer program process associating each user account from said first set of 
user accounts with the corresponding user and with said source resource. 

13. (Original) The method of claim 12, wherein said furst set of user accounts 
resides on multiple source resources, fiirther comprising: 

defining a correlation rule; 

discovering said set of users from said multiple source resources; and 
rejecting duplicate users according to said correlation rule. 

14. (Original) The method of claim 12 fiirther comprising: 

defining an additional resource containing a second set of user accoimts, wherein 
each user account from said second set of user accounts corresponds to a user from said 
set of users; 
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discovering said second set of user accounts based on said additional resource 
definition; and 

associating each of said second set of user accounts with the corresponding user 
from said set of users and with said additional resource. 

15. (Original) The method of claim 14, further comprising: 
defining a correlation rule; 

associating each of said second set of user accounts with a user from said set of 
users based on said correlation rule. 

16. (Currently amended) The method of claim 15, further comprising: 

creating a virtual identity for each user, wherein said virtual identity includes «id 
m account Ust associating resource accounts to the corresponding user. 

17. (Original) The method of claim 14, further comprising identifying said 
additional resource. 

18. (Original) The method of claim 14, further comprising defining a schema 
map for said additional resource. 

19. (Original) The method of claim 18, further comprising mapping an attribute 
from said second set of resource accounts to a virtual attribute. 

20. (Original) The method of claim 12, further comprising defining one or more 
roles for one or more users. 

21. (Original) A system for discovering information on a network comprising: 
a computer readable medium; and 

a software program stored on said computer readable memory and executable by a 
computer processor to: 
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receive a source resource definition, wherein said source resource contains 
a first set of information objects firom which a set of users are discoverable; 
connect to said source resource; 
discover said user names; 

receive a second resource definition, wherein said second resource 
contains a second set of information objects and wherein each of said second set of 
information objects corresponds to a user firom said set of users; 

discover said second set of information objects firom said second resource; 

associate each information object fi-om said second set of information 
objects with the corresponding user. 

22. (Original) The system of claim 21, wherein said software program is fiirther 
executable to: 

receive a correlation rule; and 

associate each information object firom said second set of information objects with 
the corresponding user based on said correlation rule. 

23. (Original) The system of claim 21, further comprising: 

receiving a schema map for said second resource, wherein said schema map maps 
attributes fi"om said second resource to virtual attributes. 

24. (Original) The system of claim 23, wherein said virtual attributes are stored 
an identity index. 

25. (Original) The system of claim 21, fiirther comprising creating a virtual 
identity for each user from said set of users. 

26. (Original) The system of claim 25, wherein said virtual identity includes an 
information object hst associating said user with corresponding information objects. 

27. (Original) A system for discovering information on a network comprising: 
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a computer readable medium; and 

a software program stored on said computer readable memory and executable by a 
computer processor to: 

receive a source resource definition, wherein said source resource contains 
a first set of resource fi*om which a set of users are discoverable; 

connect to said source resource; 

discover said user names; 

receive a second resource definition, wherein said second resource 
contains a second set of resource accoimts and wherein each of said second set of 
resource accounts corresponds to a user fi-om said set of users; 

discover said second set of resource accounts fi*om said second resource; 

associate each resource account fi*om said second set of resource accounts 
with the corresponding user. 

28. (Original) The system of claim 27, wherein said software program is fiirther 
executable to: 

receive a correlation rule; and 

associate each resource account fi*om said second set of resource accounts with 
the corresponding user based on said correlation rule. 

29. (Original) The system of claim 27, further comprising: 

receiving a schema map for said second resource, wherein said schema map maps 
attributes firom said second resource to virtual attributes. 

30. (Original) The system of claim 29, wherein said virtual attributes are stored 
an identity index. 

31. (Original) The system of claim 27, fiuther comprising creating a virtual 
identity for each user firom said set of users. 
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32. (Original) The system of claim 31, wherein said virtual identity includes an 
resource account list associated said user with corresponding resource accounts. 

33. (Currently amended) A method for automated discovery of data comprising: 
receiving from a first administrator a definition of at least one computer- 
implemented source resource containing a set of information objects, wherein the set of 
information objects defines a set of users; 

a computer program process using the definition of the at least one source 
resource to discovering said set of users from said source resource; 

receiving from said first administrator a definition of a second resource containing 
a second set of information objects, wherein each information object from said second set 
of information objects corresponds to a user from said set of users; 

the computer program process using the definition of the second resource to 
discovering said second set of information objects from said additional second resource; 
and 

the computer program process associating each information object from said 
second set of information objects with the corresponding user from said set of users. 

34. (Original) The method of claim 33, further comprising: 

receiving from a second administrator a definition of at least one additional 
resource containing a third set of information objects, wherein each information object 
from said third set of information objects corresponds to a user from said set of users; 

associating each information object from said third set of information objects with 
the corresponding user from said set of users. 

35. (Original) The method of claim 34, further comprising, receiving a stray 
account definition from an end user. 

36. (Currently amended) A method for discovering information comprising: 
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receiving a source resource definition from a first administrator, wherein a set of 
users are discoverable from said source resourc e, wherein said source resource is a 
computer-implemented resource : 

a computer program process using the source resource definition to discovering 
said set of users from said source resource; 

receiving an additional resource definition from a second administrator, wherein 
said additional resource contains information objects corresponding to each user from 
said set of users; 

the computer program process using the additional resource definition to 
discovering said information objects from said additional resource; and 

the computer program process associating said information objects with said users 
from said set of users. 

37. (Original) The method of claim 36, wherein said information objects 
comprise user accounts. 

38. (Original) The method of claim 36, further comprising, receiving a user 
resource definition from an end-user, wherein said user resource contains an additional 
information object corresponding to said user; and 

39. (Original) The method of claim 38, wherein said additional information 
object comprises a user account. 

40. (Original) The method of claim 38, further comprising: 

requiring authentication from said user before associating said additional 
information object with said user. 

41. (Currently amended) A method for discovering data comprising: 

defining a computer-implemented first resource containing information objects 
defining at least one user from a set of users , wherein said defining produces a definition 
for the first resource : 
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a computer program process using the definition to discoveriftg said information 
objects based on said first resource definition; 

the computer program process associating each of said information objects with a 
user fi-om said set of users and with said first resource. 

42. (Original) The method of claim 41 wherein said resource comprises a soxu-ce 
resource. 

43. (Original) The method of claim 41 fiirther comprising: 
defining a source resource; and 

discovering said set of users fi*om said source resource. 

44. (Original) The method of claim 41, wherein said information objects 
comprise user accounts. 

45. (Original) The method of claim 44, further comprising: 
creating a virtual identity for each user from said set of users; 

maintaining a resource account list for each virtual identity, wherein the resource 
account list for each virtual identity lists the resource accounts with which the 
corresponding user is associated and the resource firom which each resource account was 
discovered. 

46. (Original) The method of claim 45, further comprising: 

defining a schema map for said first resource, wherein said schema map maps an 
attribute from said first resource to a virtual attribute. 

47. (Original) The method of claim 41, further comprising, defining a role for at 
least one user from said set of users. 

48. (Currently amended) A method of discovering information comprising: 
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receiving a first resource definition from a first administrator, wherein said first 
resource contains a first set of information objects defming at least one user from a set of 
users , wherein said first resource is a computer-implemented resource : 

receiving a second resource definition from a second administrator, wherein said 
second resource contains a second set of information objects defining at least one user 
from said set of users; 

a computer program process using the first resource definition to discovering said 
first set of information objects from said first resource; 

the computer program process associating each information object from said first 
set of information objects with at least one user from said set of users and with said first 
resource; 

the computer program process using the second resource definition to discovering 
said second set of information objects from said second resource; and 

the computer program process associating each information object from said 
second set of information objects with at least one user from said set of users and with 
said second resource. 

49. (Original) The method of claim 48 further comprising: 

receiving a first source resource definition from said first administrator, wherein 
said source resource contains information objects defining at least a first portion of said 
set of users; and 

discovering at least said first portion of said set of users from said first source 
resource. 

50. (Original) The method of claim 49, fiirther comprising: 

receiving a second source resource definition from said second administrator, 
wherein said second source resource contains information objects defining at least a 
second portion of said set of users; and 

discovering at least said second portion of said set of users from said second 
source resource. 
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51 (Original) The method of claim 50 further comprising: 

receiving a third resource defmition from an end-user, wherein said third resource 

contains a stray information object; 

discovering said stray information object from said third resource; and 
associating said stray information object with said end-user and with said third 

resource. 

52 (Currently amended) A method for discovertag informatton comprising: 
defining a plurality of compuLr-implemented reaources, wherein each of the 

plurality of resources contains a set of information objects defining at least one user ftom 

r 1 ,,,ifli-f , i-r r"''-"'''-fi"i'i""f"'-'-"'-''""''°'-°^^^ ^ 

information objects from each of the plurality of resources; and 

. ...^^nmcess a ssociating each infonnation object from satd sets 
of information objects with a user from said set of users and with the resource ftom 
which the corresponding information object was discovered. 

53 (Original) The method otclaim 52, further comprising: 

defining at least one source resource from which said set of u«rs are 

discoverable; and 

discovering said set of users ftom said at least one source resource. 

54 (Original) The method ofclaim 53, fiirther comprising: 

associating each source resource infom»tion object from a set of source resource 
infom^tion objects with a user ftom said set of users and with said source resource, 
whereto said source resource fimher comprises said set of source resource information 
objects defining said set of users. 

55. (Origmal) The method ofclaim 52, further comprising: 
defining a correlation rule; and 
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associating each information object from said sets of inforaiation objects with a 
user based on said correlation rule. 

56. (Original) The method of claim 52, wherein each information object 
comprises a resource account. 

57. (Origmal) The method of claim 56, further comprising creating a virtual 
identity for each user, wherein each said virtual identity comprises a resource account list 
comprising a Ust of information objects associated with the corresponding user and the 
resource from which each such information object was discovered. 

58. (Original) The method of claim 52, further comprising providing connection 
information for each of the pluraUty of resources. 

59. (Original) The method of claim 52, further comprising defining at least one 
role for at least one user from said set of users, wherein said at least one role defines a set 
of resources from said plurality of resources from which information objects will be 
discovered for the corresponding user. 
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